As computing networks increase in size, the number and distribution of available resources (e.g., computing and storage resources) become more varied. While network growth can improve processing power, it can also make the efficient and secure management of encryption keys more difficult.
When a new workload is cloned, the clone may be allocated a specific Internet Protocol (IP) address. Sometimes a public key is generated, which may be used as part of secure shell (ssh) network protocol data exchange sessions. When another network node (e.g., a local ssh client) connects to the new workload, the node will match the IP address assigned to the workload with the public key and record that pairing in the known_hosts file (e.g., assuming the LINUX operating system is used). As workloads are removed from and added to the network, previously allocated IP addresses (and their associated public keys) may be mapped to new workloads. Connecting client nodes may then flag this situation as a possible security issue, even when there is no problem.
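The known_hosts behaviour described above, as an added example that is not part of the original text: a simplified Python model of the client's check, using a constructed IP address and constructed ed25519-shaped key blobs. The function names are hypothetical. The model returns the same "mismatch" verdict for a reassigned address as it would for a spoofed server, which is why the client cannot tell the two apart from the key alone.

```python
import base64, hashlib, struct

def make_blob(seed: bytes) -> str:
    """Constructed ed25519-shaped public key blob (sample data, not a real key)."""
    algo, pub = b"ssh-ed25519", hashlib.sha256(seed).digest()
    raw = struct.pack(">I", len(algo)) + algo + struct.pack(">I", len(pub)) + pub
    return base64.b64encode(raw).decode()

def parse_known_hosts(text: str) -> dict:
    """Map host -> set of (keytype, blob) for plain entries only."""
    store = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks, comments, @markers and hashed (|1|...) host names.
        if not line or line[0] in "#@|":
            continue
        fields = line.split()
        if len(fields) < 3:
            continue
        for host in fields[0].split(","):
            store.setdefault(host, set()).add((fields[1], fields[2]))
    return store

def check_host(store: dict, host: str, keytype: str, blob: str) -> str:
    """Simplified client decision: 'new', 'match' or 'mismatch'."""
    known = {b for (t, b) in store.get(host, set()) if t == keytype}
    if not known:
        return "new"
    return "match" if blob in known else "mismatch"

def lifecycle_demo() -> list:
    ip = "10.0.0.5"  # constructed address, reused across workloads
    key_a, key_b = make_blob(b"workload-A"), make_blob(b"workload-B")
    # The client recorded workload A's key the first time it connected.
    store = parse_known_hosts(f"# constructed sample\n{ip} ssh-ed25519 {key_a}\n")
    return [
        check_host(store, ip, "ssh-ed25519", key_a),          # original workload
        check_host(store, ip, "ssh-ed25519", key_b),          # address reassigned
        check_host(store, "10.0.0.6", "ssh-ed25519", key_b),  # never seen before
    ]

if __name__ == "__main__":
    print(lifecycle_demo())  # ['match', 'mismatch', 'new']
```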
Other difficulties may arise. For example, if a new server is brought into the network, with a key to a previously existing network server having the same IP address, a new key will need to be manually transferred between the new server and the node that connects to it. As servers are created and destroyed, transferred keys might be stolen and used to spoof other servers on the network.
Problems may also occur when connecting one virtual machine (VM) to another. For example, when a new VM is created on a network, there is sometimes no way to know whether certain workloads are legitimately associated with the new VM, or whether they have been taken from a hijacked, compromised VM.